The present disclosure relates to smart cards and, more particularly, to smart cards sensing attacks thereto from light sources.
Smart cards have integrated circuit (IC) chips for processing specific operations by embedding microprocessors, card operating systems, security modules, and memories therein. Smart cards are equipped to perform various functions such as arithmetic operations, encryption, and bilateral communication, and offer high security and portability for users.
Smart cards are able to store and process information, unlike other kinds of memory cards that simply contain memory devices. Operations for reading, writing, and erasing data and programs stored in a smart card, and communicating data between the smart card and an external system, are strictly controlled and protected from external attacks by built-in physical security functions and an elaborate encryption system. Owing to those practical merits, smart cards are widely used in various commercial applications, such as, payment for a fee of a mobile phone, personal identification for internet access, payment for a parking fare, payment for subway, train, bus, highway tolls, direct provision of personal records to hospitals or doctors without additional forms, purchase from internet markets, gasoline and oil supply at gas stations, and so on.
For those functions, smart cards are generally required to have their internal integrated circuit (IC) chips charged with cash or store numbers or information of credit cards, or personal specifications. Therefore, it is essential for the internal information of smart cards to be secure in order to safely use them.
With a recent increase in the use of smart cards, as more and more security techniques are provided for the IC chips thereof, there are various attacking techniques to break their protection systems for pecuniary profits.
Unauthorized access to the smart card in general is called ‘tampering’. Techniques of tampering may be divided into microprobing, software attacks, eavesdropping, and fault generation.
A microprobing technique may be used for directly accessing the surface of an IC chip. A software attack is operable with a general communication interface, utilizing security vulnerability arising from protocols, an encryption algorithm, or execution of an algorithm. An eavesdropping technique is carried out by evaluating analog characteristics of all supplies and interface couplings and measuring electromagnetic radiation generated from a processor during a normal operation. A fault generation technique operates to create a malfunction of a processor to provide an additional access by means of abnormal environment conditions. The microprobing technique is a kind of invasive attack, requiring a lot of time. The other techniques are kinds of non-invasive attacks.
As one kind of non-invasive attack, a glitch attacking technique is able to freely hack a smart card by applying an external signal thereto to make it operate irregularly or applying an abnormal signal to its power.
In recent years, there is an attacking technique intending to change data of a memory in a smart card by means of a laser that can be emitted locally, which makes it difficult to clearly protect smart cards that use conventional optical sensors.